On Monday, April 21, 2014 12:10:05 PM UTC-4, Strahinja Kustudić wrote: >>Add a key
ssh key? That is part of what I already >> that would make it also safer for you, since you would need to type a password before doing any changes on production servers. My plan is to have a key for the ssh key and then use ssh-agent. >>What I would recommend though is that you just close down SSH in your firewall to all except addresses which are going to be used as managing servers Very often not possible. Depending on the size of an organization you may have: Mobile users Users working from home Users from multiple offices If my suggested approach worked, that would be a possible alternative for the original poster. In that case he would not even need to have a sudo user. Hence, whey I am asking if that suggested approach is considered safe from a "best practices" standpoint. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a7ebe81c-a674-4ada-a2c2-8baa3030f054%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
